github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/elasticsearch/use_secure_tls_policy_test.go (about) 1 package elasticsearch 2 3 import ( 4 "testing" 5 6 defsecTypes "github.com/khulnasoft-lab/defsec/pkg/types" 7 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 10 "github.com/khulnasoft-lab/defsec/pkg/providers/aws/elasticsearch" 11 "github.com/khulnasoft-lab/defsec/pkg/scan" 12 13 "github.com/stretchr/testify/assert" 14 ) 15 16 func TestCheckUseSecureTlsPolicy(t *testing.T) { 17 tests := []struct { 18 name string 19 input elasticsearch.Elasticsearch 20 expected bool 21 }{ 22 { 23 name: "Elasticsearch domain with TLS v1.0", 24 input: elasticsearch.Elasticsearch{ 25 Domains: []elasticsearch.Domain{ 26 { 27 Metadata: defsecTypes.NewTestMetadata(), 28 Endpoint: elasticsearch.Endpoint{ 29 Metadata: defsecTypes.NewTestMetadata(), 30 TLSPolicy: defsecTypes.String("Policy-Min-TLS-1-0-2019-07", defsecTypes.NewTestMetadata()), 31 }, 32 }, 33 }, 34 }, 35 expected: true, 36 }, 37 { 38 name: "Elasticsearch domain with TLS v1.2", 39 input: elasticsearch.Elasticsearch{ 40 Domains: []elasticsearch.Domain{ 41 { 42 Metadata: defsecTypes.NewTestMetadata(), 43 Endpoint: elasticsearch.Endpoint{ 44 Metadata: defsecTypes.NewTestMetadata(), 45 TLSPolicy: defsecTypes.String("Policy-Min-TLS-1-2-2019-07", defsecTypes.NewTestMetadata()), 46 }, 47 }, 48 }, 49 }, 50 expected: false, 51 }, 52 } 53 for _, test := range tests { 54 t.Run(test.name, func(t *testing.T) { 55 var testState state.State 56 testState.AWS.Elasticsearch = test.input 57 results := CheckUseSecureTlsPolicy.Evaluate(&testState) 58 var found bool 59 for _, result := range results { 60 if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckUseSecureTlsPolicy.Rule().LongID() { 61 found = true 62 } 63 } 64 if test.expected { 65 assert.True(t, found, "Rule should have been found") 66 } else { 67 assert.False(t, found, "Rule should not have been found") 68 } 69 }) 70 } 71 }